Access Security Gateway (ASG)
Access Security Gateway (ASG) is an optional authentication interface
you can use to secure the voice mail, system administration and
craft logins on the Avaya Message Storage Server (MSS). The Access
Security Gateway (ASG) uses a challenge and response mechanism for
secured access to dial-up communication ports. Whenever a dial-up
port user begins a session on the system for purposes of administration
or maintenance, the user must enter a valid login ID. If the ASG
interface is activated, the system issues a numerical challenge.
In order for the user to access the administration and maintenance
features, the user must enter the correct numerical response. By
activating the ASG feature, you can reduce the possibility of unauthorized
remote access to the system.
You administer ASG parameters to specify whether access to the
system requires ASG authentication. You can assign this protection
to all system administration maintenance ports or to a subset of
those ports. If the port or login being used is not protected by
ASG, the user can enter the system with the standard login and password.
The following procedure describes how the ASG interface works:
- At the beginning of a login session, the user is prompted to
  enter a login ID.
- Upon receipt of the login ID, ASG generates a number based
  upon the system ASG secret key number and presents this 7-digit
  number as a challenge.
- The user must have a hand-held device, called the ASG Key.
  The ASG Key must be set with an ASG secret key number that matches
  the user's ASG secret key number in the Modular Messaging system.
- The user enters the PIN and challenge number into the ASG Key.
- The ASG Key generates and displays a unique, 7-digit numerical
  response that corresponds to the challenge number.
- The user enters the response number at the prompt.
- If the response supplied by the user corresponds to the numerical
  response expected by the Modular Messaging system, the authentication
  is successful and the user is logged in to the system.
  If the response does not correspond, the user is not authenticated
  and is denied access to the system. Also, the failed authentication
  attempt is recorded in the system history log.
Note: The system administrator determines how many login attempts
are permitted. If the user is not authenticated after that number
of attempts, the system displays the message INVALID LOGIN and
terminates the session.
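The login exchange above, modelled end to end as an added example (not Avaya code and not part of the original page). The page does not describe how ASG computes challenges or responses, so a random challenge and a truncated HMAC-SHA256 stand in for them here; all class and function names are hypothetical.

```python
import hashlib
import hmac
import secrets

DIGITS = 7  # the page states that challenge and response are 7-digit numbers


def new_challenge() -> str:
    """Fresh random 7-digit challenge (assumption: ASG's derivation is not documented here)."""
    return f"{secrets.randbelow(10 ** DIGITS):0{DIGITS}d}"


def response_for(secret_key: bytes, challenge: str) -> str:
    """Stand-in response function: HMAC-SHA256 cut to 7 digits (not the ASG algorithm)."""
    mac = hmac.new(secret_key, challenge.encode(), hashlib.sha256).digest()
    return f"{int.from_bytes(mac[:8], 'big') % 10 ** DIGITS:0{DIGITS}d}"


class AsgKey:
    """Hand-held device: holds the secret key and only answers when given the right PIN."""

    def __init__(self, secret_key: bytes, pin: str):
        self._secret_key, self._pin = secret_key, pin

    def respond(self, pin: str, challenge: str) -> str:
        if not hmac.compare_digest(pin, self._pin):
            raise PermissionError("wrong PIN")
        return response_for(self._secret_key, challenge)


class LoginPort:
    """Server side of one ASG-protected login session."""

    def __init__(self, keys: dict, max_attempts: int):
        self.keys, self.max_attempts = keys, max_attempts
        self.history_log = []  # failed attempts are recorded, as the page describes

    def session(self, login_id: str, answer) -> str:
        """answer(challenge) returns the response string the user types at the prompt."""
        for attempt in range(1, self.max_attempts + 1):
            challenge = new_challenge()  # a new challenge per attempt defeats replay
            # Unknown logins are checked against a throwaway key so they fail the same way.
            key = self.keys.get(login_id, secrets.token_bytes(16))
            if hmac.compare_digest(response_for(key, challenge), answer(challenge)):
                return "LOGGED IN"
            self.history_log.append((login_id, attempt, "ASG authentication failed"))
        return "INVALID LOGIN"
```

The secret key never crosses the port: only the challenge and the response do, and a response captured from one session does not answer the next challenge.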
For more information on administering ASG on Modular Messaging,
see Access Security Gateway (ASG). For more
information about ASG and Avaya Modular Messaging security, see
ASG Key User Guide, 585-212-012.
Mailbox Manager
Mailbox Manager (MBM) for Avaya Modular Messaging is a Windows
interface for doing moves, adds, and changes on the Message Storage
Server (MSS) of the Modular Messaging system. With this software tool,
administrators can create, edit, and delete subscribers and edit
class of service (COS) profiles. You can also use MBM to configure
subscriber management. MBM extracts information from the MSS and
maintains an offline database on your desktop. You can make the
desired changes to the subscribers and classes of service, and MBM
sends them to the MSS.
Modular Messaging adjuncts use LDAP to transmit encrypted login
credentials using the SASL mechanism. The SASL authentication is
for "trusted server" clients like the MAS and Mailbox
Manager. The Mailbox Manager LDAP connection is a plain-text LDAP
connection (not SSL). Mailbox Manager can set user passwords via this
interface. Note that while setting the user passwords, only the user
passwords are encrypted (not the LDAP session).
Mailbox Manager is typically installed on a desktop or laptop PC
used by the system administrator. It can be installed on their current
workstation, providing it meets minimum requirements as described
in the Mailbox Manager User Guide (PDF), available on the Mailbox
Manager Software CD, and has a static IP address needed for the
Trusted Server connection. However, if the corporate network has
a dynamic host configuration protocol (DHCP) environment, Mailbox
Manager must be installed on the Message Application Server (MAS).
Mailbox Manager connects via a network through a trusted server
connection on the MSS. MBM uses the mbmserver trusted server
profile on the MSS. The mbmserver profile consists of the
IP address of the computer on which you have set up MBM and a password.
Make sure that passwords are at least eight characters long and
not composed of easily guessed words or numeric combinations. You
must use alphanumeric character combinations for the trusted server
passwords. Note that on changing the password for the mbmserver
profile on the MSS, you have to run the Connection Setup wizard
to establish connection between the MBM computer and the MSS. For
more information, see Mailbox Manager User Guide (PDF) on the Mailbox
Manager Software CD.
There are two types of logins that allow you to control access
to MBM: System Technician and System Administrator. The System
Technician login is reserved for technical support people. The
System Administrator login is the primary login and does not have a
default password. You can create additional users and set up
permissions for each user. It is advisable that all logins to MBM be
password protected. Do not leave any desktop or laptop machine that
has MBM installed unattended, even for a little while. Make sure that
you lock your computer every time you are not working on it. This
will prevent any unauthorized access to MBM. It is also advisable to
change the passwords on a regular basis, as unauthorized people may
obtain documentation copies of your system and adjuncts and circulate
the administrative passwords to gain entry into your systems.